I've put together a functional GenericUserFolder for people to look at and give me feedback before a full release: http://www.zope.org/Members/Zen/GenericUserFolder It is simply a userfolder that calls ZODB methods to populate userlists, return roles etc. Out of the box it makes UserDB obsolete, and would allow etcUserFolder, LDAPAdaptor etc. to be cut back to external methods (giving more flexibility and allowing features like enhanced cookie handling to be done in one product that in every product). I don't know if the cookie authentication is working - I need to rewrite this as the implementation I stole from etcUserFolder (with the rest of the framework) seems to store the password in plaintext in the cookie. I'll end up passing a SHA hash of some description I think. The results from the methods are being cached in _v_ volatile attributes. I think this is the correct thing to do, but this means there is a seperate cache per thread (increased memory usage) as well as allowing the possibility of inconsistancys between threads as the seperate caches will expire at different times. Unless I steal someones existing Session product, I'll end up having to store the cookies in a dictionary on the server (as the clients won't be passing a password in a form I can send to authenticate) - I don't think this will cause a problem for any but the largest sites. Any hints on what will happen to this product with the eventual release of the portal toolkit? Will it become obsolete, or will it require reimplemntation from the ground up to fit in with the new framework? I need to know if there is any point polishing it up for release. ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen